//package com.baizhi.cmfz.shiro;
//
//import com.baizhi.cmfz.dao.AdminDao;
//import com.baizhi.cmfz.entity.Admin;
//import org.apache.shiro.authc.*;
//import org.apache.shiro.authz.AuthorizationInfo;
//import org.apache.shiro.authz.SimpleAuthorizationInfo;
//import org.apache.shiro.realm.AuthorizingRealm;
//import org.apache.shiro.subject.PrincipalCollection;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.web.context.request.RequestContextHolder;
//import org.springframework.web.context.request.ServletRequestAttributes;
//
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpSession;
//import java.util.Set;
//
//
//public class AuthenRealm extends AuthorizingRealm {
//	@Autowired(required = false)
//	private AdminDao adminDao;
//
//
//	/**
//	 *
//	 * @param authenticationToken 验证哟用户信息
//	 * @return 返回包含的用户信息得到对象
//	 * @throws AuthenticationException 抛出异常
//	 */
//	@Override
//	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
////		1.获取token中的数据
//		UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;
//		String username = token.getUsername();
////		2.查询数据库,得到admin对象
//		Admin admin = adminDao.selectAdminByNameAndPassword(username);
////		3.如果对象不为空，那么封装进info并返回
//		if (admin!=null) {
////			获取session对象
//			ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
//			HttpServletRequest request = requestAttributes.getRequest();
//			HttpSession session = request.getSession();
////			将admin放入session
//			session.setAttribute("admin",admin);
//			return new SimpleAuthenticationInfo(admin.getAdminName(),admin.getAdminPassword(),this.getName());
//		}
////		返回null
//		return null;
//	}
//
//	/**
//	 * 获取授权的数据
//	 * @param principalCollection
//	 * @return
//	 */
//	@Override
//	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
////		1。获取用户名
//		String principal = (String) principalCollection.getPrimaryPrincipal();
////		根据用户名查询用户的角色和权限
//		Set<String> resource = adminDao.selectAdminResource(principal);
//		Set<String> role = adminDao.selectAdminRole(principal);
////		如果不为空 封装进info
//		if(resource!=null && role!=null){
//			SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//			simpleAuthorizationInfo.setRoles(role);
//			simpleAuthorizationInfo.setStringPermissions(resource);
//			return simpleAuthorizationInfo;
//		}
//		return null;
//	}
//}
